Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 490
  • Last Modified:

ISDN link between two Cisco 3640s

I'm trying to setup an ISDN link between two Cisco 3640 routers. One is in Iowa, one is in Arizona. The link is just a backup in case the primary T1 was to go down. We are using seperate routers for this link, so no other configs are on the routers. I want to have it just connect the link when we send traffic to the router on our end with a destination of the other side.

So far, I cannot seem to get the link to come up. With the configs posted below, I can get the router on my side to dial when they see interesting traffic, but it disconnects after 22 seconds. I suspect this is something to do with authentication, but I don't know for sure. I'm looking for ideas or other troubleshooting and diagnostic commands that will tell me more about it.

The routers are named INARIZONA and TOARIZONA.

INARIZONA configs:

hostname inarizona
!
aaa new-model
aaa authentication login default local
aaa authentication login NO_AUTHEN none
aaa authentication ppp default local
enable password cisco
!
username toarizona password 0 cisco
username admin password 0 cisco
!
isdn switch-type basic-ni
!
interface BRI3/0
 ip address 10.253.0.2 255.255.0.0
 encapsulation ppp
 dialer idle-timeout 900
 dialer map ip 10.253.0.1 name toarizona speed 56 broadcast 3195554838
 dialer map ip 10.253.0.1 name toarizona speed 56 broadcast 3195554845
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 48055503321111 5550332
 isdn spid2 48055504921111 5550492
 ppp authentication pap chap
 ppp pap sent-username inarizona password 0 cisco
 ppp multilink
!
dialer-list 1 protocol ip permit
----------------
inarizona#sho isdn stat
Global ISDN Switchtype = basic-ni
ISDN BRI3/0 interface
      dsl 16, interface ISDN Switchtype = basic-ni
    Layer 1 Status:
      ACTIVE
    Layer 2 Status:
      TEI = 112, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
      TEI = 65, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
      TEI 112, ces = 1, state = 5(init)
          spid1 configured, spid1 sent, spid1 valid
          Endpoint ID Info: epsf = 0, usid = 0, tid = B
      TEI 65, ces = 2, state = 5(init)
          spid2 configured, spid2 sent, spid2 valid
          Endpoint ID Info: epsf = 0, usid = 1, tid = B
    Layer 3 Status:
      0 Active Layer 3 Call(s)
    Active dsl 16 CCBs = 0
    The Free Channel Mask:  0x80000003


-------------------

TOARIZONA configs:

aaa authentication login default local
aaa authentication login NO_AUTHEN none
aaa authentication ppp default local
enable password cisco
!
username inarizona password 0 cisco
username admin password 0 cisco
!
isdn switch-type basic-ni
!
interface BRI2/0
 ip address 10.253.0.1 255.255.0.0
 no ip directed-broadcast
 encapsulation ppp
 dialer idle-timeout 900
 dialer map ip 10.253.0.2 name inarizona speed 56 broadcast 4805550332
 dialer map ip 10.253.0.2 name inarizona speed 56 broadcast 4805550492
 dialer load-threshold 80 outbound
 dialer-group 1
 isdn switch-type basic-ni
 isdn spid1 31955548381111
 isdn spid2 31955548451111
 ppp authentication pap chap
 ppp pap sent-username toarizona password 7 060506324F41
 ppp multilink
!
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101


-------------------

toarizona#sho int bri2/0
BRI2/0 is up, line protocol is up (spoofing)
  Hardware is FECPM BRI with U interface
  Internet address is 10.253.0.1/16
  MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, loopback not set
  Last input 00:00:17, output never, output hang never
  Last clearing of "show interface" counters 01:47:51
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations  0/1/16 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     938 packets input, 6235 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     1319 packets output, 9077 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     3 carrier transitions

-------------------

toarizona# sho isdn stat
Global ISDN Switchtype = basic-ni
ISDN BRI2/0 interface
      dsl 16, interface ISDN Switchtype = basic-ni
    Layer 1 Status:
      ACTIVE
    Layer 2 Status:
      TEI = 65, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
      TEI = 66, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
      TEI 65, ces = 1, state = 5(init)
          spid1 configured, no LDN, spid1 sent, spid1 valid
          Endpoint ID Info: epsf = 0, usid = 70, tid = B
      TEI 66, ces = 2, state = 5(init)
          spid2 configured, no LDN, spid2 sent, spid2 valid
          Endpoint ID Info: epsf = 0, usid = 71, tid = B
    Layer 3 Status:
      0 Active Layer 3 Call(s)
    Activated dsl 16 CCBs = 0
    The Free Channel Mask:  0x80000003

-------------------

toarizona#sho isdn hist
--------------------------------------------------------------------------------
                                ISDN CALL HISTORY
--------------------------------------------------------------------------------
History table has a maximum of 100 entries for disconnected calls.
History table data is retained for a maximum of 15 Minutes for disconnected calls.
--------------------------------------------------------------------------------
Call    Calling      Called       Remote  Seconds Seconds Seconds Charges
Type    Number       Number       Name    Used    Left    Idle    Units/Currency
--------------------------------------------------------------------------------
Out              4805550332                     5                      0        
Out              4805550332                    22                      0        
--------------------------------------------------------------------------------




Any ideas on what I'm doing wrong would be greatly appreciated. Thanks.
0
llefebure
Asked:
llefebure
  • 3
1 Solution
 
Don JohnstonInstructorCommented:
If you suspect an authentication problem, do a "debug ppp authentication" and they have the link come up.

-Don
0
 
mikebernhardtCommented:
Do this:
1. remove the " ppp pap sent-username" commands from both routers

2. Make sure both routers have BOTH usernames configured.
      username toarizona password 0 cisco
      username inarizona password 0 cisco

3. Get rid of pap on both routers and just use chap
      no ppp authentication pap chap
      ppp authentication chap

The 2-way authentication that PPP does by default is very confusing in terms of which username and password IOS uses to send and receive- I can't ever keep it straight. the easiest thing is to let the router send it's own hostname as the username and make sure both usernames have the same password. Also, I've had better luck with chap than pap, and chap is more secure anyway.
0
 
llefebureAuthor Commented:
I'm fine with using CHAP instead of PAP. Now if I understand this correctly, by default it will use its own hostname as the username for the connection? Do I have to define the password in the link settings, or does it figure that out from the two username statements posted above?

It will be a week or more till I can test this again, so I haven't tested this yet.

Thanks
0
 
mikebernhardtCommented:
It will send the password defined for the OTHER username. I just remembered how it works (I think!). That's what makes it so confusing, and that's why you need both usernames.
0
 
mikebernhardtCommented:
By other username, I of course mean the password defined for username which matches the remote hostname.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now